Solutions:
Preventing NX-OS to generate ICMP Unreachable messages with the no ip unreachables interface subcommand (a very common Cisco IOS hardening command) is not sufficient, we need to also prevent NX-OS from generating ICMP Port Unreachable messages with the no ip port-unreachable interface subcommand, in order to prevent NX-OS from leaking information to port scanning tools.